USN-330-1: tiff vulnerabilities

3 August 2006

tiff vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 6.06 LTS
• Ubuntu 5.10
• Ubuntu 5.04

Software Description

Details

Tavis Ormandy discovered that the TIFF library did not sufficiently check handled images for validity. By tricking an user or an automated system into processing a specially crafted TIFF image, an attacker could exploit these weaknesses to execute arbitrary code with the target application’s privileges.

This library is used in many client and server applications, thus you should reboot your computer after the upgrade to ensure that all running programs use the new version of the library.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06 LTS

libtiff4 - 3.7.4-1ubuntu3.2

Ubuntu 5.10

libtiff4 - 3.7.3-1ubuntu1.5

Ubuntu 5.04

libtiff4 - 3.6.1-5ubuntu0.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

References

• CVE-2006-3459
• CVE-2006-3459
• CVE-2006-3460
• CVE-2006-3460
• CVE-2006-3461
• CVE-2006-3461
• CVE-2006-3462
• CVE-2006-3462
• CVE-2006-3463
• CVE-2006-3463
• CVE-2006-3464
• CVE-2006-3464
• CVE-2006-3465
• CVE-2006-3465